Impact
This vulnerability can be exploited by an unauthenticated attacker and opens the possibility of not only attacking other local services, but also the router of the home network. The ability to receive and write CSS files can be used by the attacker to find out what other services are running on devices in the network or what kind of router is used etc. before running additional attacks.
Patches
It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6
Workarounds
Users can manually delete the file located at ./vendor/cerdic/css-tidy/css_optimiser.php
References
For more information
If you have any questions or comments about this advisory:
Impact
This vulnerability can be exploited by an unauthenticated attacker and opens the possibility of not only attacking other local services, but also the router of the home network. The ability to receive and write CSS files can be used by the attacker to find out what other services are running on devices in the network or what kind of router is used etc. before running additional attacks.
Patches
It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6
Workarounds
Users can manually delete the file located at
./vendor/cerdic/css-tidy/css_optimiser.php
References
For more information
If you have any questions or comments about this advisory: